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■- r/ie MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)D Responsive to communication(s) filed on . 

2a)n This action is FINAL. 2b)H Tiiis action is non-final. 

3) n Since this application is in condition for allowance except for fomnai matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) 13 Claim(s) 1-18 is/are rejected. 
/)□ Claim(s) is/are objected to. 

8) \3 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on is/are: a)n accepted or b)S objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or fomn PTO-152. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 



3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Priority 

1 . If applicant desires priority under 35 U.S.C. 120 based upon a previously filed application, 
specific reference to the earlier filed application must be made in the instant appUcation. For 
benefit claims under 35 U.S.C. 120, 121 or 365(c), the reference must include the 
relationship (i.e., continLMation, divisional, or coinitiinLBation-in-paii:) of the applications. 
This should appear as the first sentence of the specification following the title, preferably as a 
separate paragraph unless it appears in an application data sheet. A statement reading 'This 
is a contiimation, divisional, or continuation-in-part of Application No. ***, filed ***." 
should be entered following the title of the invention or as the first sentence of the 
specification. 

2. Regarding the "Response to request corrected filing receipt" (mailed date 8/3 1/2001), the 
continuity claimed under 35 USC 120 cannot be added to the filing receipt without supplying 
the relationship (i.e. continuation, divisional, or continuation-in-part). 

Drawings 

3. Figure 1 should be designated by a legend such as —Prior Art— because only that which is 
old is illustrated. See MPEP § 608.02(g). A proposed drawing correction or corrected 
drawings are required in reply to the Office action to avoid abandonment of the application. 
The objection to the drawings will not be held in abeyance. 

4. New corrected drawings are required in this application because the brief description texts 
are not visible in Figures 18, 19, and 20,. Applicant is advised to employ the services of a 
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competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no 
longer prepares new drawings. The corrected drawings are required in reply to the Office 
action to avoid abandonment of the application. The requirement for corrected drawings will 
not be held in abeyance. 



The following is a quotation of the second paragraph of 35 U.S. C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 1-16 and 18 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 

for failing to particularly point out and distinctly claim the subject matter which applicant 

regards as the invention. 

In claim 1 recites, . .the packet to a network device connected to the tier of forwarding 

agents that includes the forwarding agent..." in lines 10-11 (of claim 1). In particular, it is 

unclear which agent(s) is/are "the tier of forwarding agents" since there are two tiers of 

forwarding agents (i.e. a first tier of forwarding agents and a second tier of forwarding 

agents). Moreover, it is unclear which type of forwarding agent is included in "the tier of 

forwarding agent". 

Claims 9, 16 and 18 are also rejected for the same reason as descried above in claim 1. 
Claims 2-8, and 10-15 are also rejected since they are depended upon rejected claims. 



Claim Rejections - 35 USC § 112 



# 
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Claim Rejections - 35 USC §102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

6. Claims 1, 5, 8, 9, 13 and 16-18 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Hart (U.S. 6,269,404). 

Regardiiug Claims 1, 9, and 16-18, Hart'404 discloses a service manager (see FIG. 
3, VLANAWET server 125) configured to distribute packets to multiple tiers of forwarding 
agents (see FIG. 3, the combined system of VLANAWET (VA^ Agents 127-128 and 
Edge devices 121-122,124) comprising: 

means for receiving packets (see FIG. 7, step 150, see FIG. 8, step 250; receiving 
frames/packets) from a first tier of forwarding agents (see FIG. 3, the combined system of 
first VLANA^ET (VAO Agent 127 and first Edge device 121; note that it is well-known 
in the art that there are plnraMty of agent edge-devices in the network clond 120, which 
are connected to the VLANA^ET server 125; see coL 7, lines 35-43; coL 9, lines 1-6; 48- 
57) connected to a first tier of network devices (see FIG. 3; a plurality of nodes hat 
connects to ports Pl-PN of LAN segments of the first edge device 121; see col 7, lines 
16-26) and 

a second tier of forwarding agents (see FIG. 3, the combined system of second 
VLANATHET (VAO Agent 128 and second Edge device 122; note that it is well-known 
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in the art that there are plurality of agent edge-devices in the network cloud 120, which 
are connected to the VLANA^ET server 125) connected to a second tier of network 
devices (see FIG. 3; a plurality of nodes hat connects to ports Pl-PN of LAN segments 
of the first edge device 122; see col. 7, lines 26-34); 

means for determining the tier of a sending forwarding agent that sends a packet (see 
FIG. 8, step 255, a VA^ server determines the VNET domain of frame that send a 
frame/packet; see col. 9, lines 57-59); and 

means for sending an instruction (see FIG. 8, an frame/packet identifying the 
authorized end nodes according to the member list; see col. 4, lines 10-18; see col. 9, 
lines 63-65) to the sending forwarding agent (see FIG. 8, steps 256-258; note that a VA^ 
server sends a instruction/control/management frame/packet to the combined system of 
agent and edge device; see col. 10, lines 1-6) directing the sending forwarding agent to 
forward the packet to a network device connected to the corresponding tier of forwarding 
agents that includes the sending forwarding agent (see FIG. 8, step 259; note that the VA^ 
server's instruction/control/management frame/packet identifies the authorized end 
nodes. The first/second combined system of VA^ agent and edge device forwards the 
packet/frame to the node, which is connected to its ports. Also, note that the server 
sends an instruction/control packet to each combined agent-edge node which includes 
the sending combined system agent and edge device; see col. 10, lines 5-16, see col. 4, 
lines 15-22). 
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Regarding Claims 5 and 13, Hart'404 discloses wherein the tier of the forwarding 
agent is determined by the subnet of the forwarding agent (see FIG. 8, step 255; see col. 9, 
lines 57-59; note that the server determines the location (i.e. tier) of the combined 
system of agent and edge device by determining the virtnal network domain of the 
combined system. Note that the virtual network domain is build within the network 
domain, thns it is a snbnet of the network domain.) 

Regarding claim 8, Hart'404 discloses wherein second tier of forwarding agents are 
also connected to the first tier of network devices (see FIG. 3, the combined system of first 
VLANA^ET (VAO Agent 127 and first Edge device 121 is connected to the combined 
system of second VLANA^ET (VA^ Agent 128 and second Edge device 122 via 
backbone network 120). 



The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



Claim Rejections - 35 USC §103 



7. Claims 2, 3, 10 and 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hart*404 in view of Coss (U.S. 6,141,749). 
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Regarding claims 2 and 10, Hart'404 discloses wherein the first tier of network 
devices and wherein the service manager is further configured to: 

determine whether the packet belongs to a connection/address that has already been 
assigned to the network device (see FIG, 8, step 257, the VA^ server determines whether 
the address of packet belongs address/connection table which has been assigned to the 
node; see coL 9, lines 60-65); and 

in the event that the connection/address has been assigned to the network device (see 
FIG. 8, Step 257, when the address/connection is ffonnd in the list; see coL 9, lines 63- 



selecting the network device to send/receive the packet (see FIG. 8, step 258, a 
control/instniction packet is forwarded to the network node which conples to the 
combined system of agent and edge device; see col. 9, lines 63-65). 

Hart'404 does not explicitly disclose wherein the first tier of network devices include 
state tracking network devices that keep track of the state of connections and in the event that 
the tier of the forwarding agent is connected to one of the state tracking network devices, 
selecting the same state tracking network device to receive the packet. 

However, the above-mentioned claimed hmitations are taught by Coss749. In 
particular, Coss749 teaches wherein the first tier of network devices include state tracking 
network devices (see FIG. 1, FirewaH 111, 113 and 114) that keep track of the state of 
connections (see FIG, 3 and 4; see col. 4, lines 17-25; see col. 5, lines 59-67; note that the 
firewall caches/stores/keep-tracks of the security rales and network access 
connections/patterns for each packet); and 



65), 



• 
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in the event that the tier of the forwarding agent (see FIG. 1, Edge router 115 to 
network 105) is connected to one of the state tracking network devices (see FIG- 1, Router 
115 is coBBected to FW 111, 113 amid 114); see coL 3, limes 39-47, 

determine whether the packet belongs to a connection that has already been assigned 
to the state tracking network device (see FIG. 5A, step 502, 503, 504 and 506; note that a 
packet is determines whether it belongs to the coimectiom session assigned to a 
particular firewall that has already applied the rale processing; see coL 2, lines 8-16; see 
col. 7, Hnes 7-16); 

in the event that the connection has been assigned to the state tracking network device 
(see FIG. 5A, steps 504 and 507; see col. 2, lines 12-18; see col. 7, Hnes 16-45; note the 
after determining that a packet belongs to the same connection session assigned to a 
particnlar firewall that has already applied the rale processing); 

selecting the same state tracking network device to receive the packet (see col. 2, 
lines 12-18; note that the same connection session assigned to a same firewaU that has 
already applied the rnle processing is selected and nsed to process the packet). 

In view of this, having the system of Hart*404 and then given the teaching of 
Coss749, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to modify the system of Hart*404, for the purpose of providing a firewall 
that connects to the forwarding agent/router and caching the connection session assigned to a 
particular firewall that has aheady applied the rule processing as taught by Coss749, since 
Coss749 states the advantages/benefits at col. 2, lines 17-19 that it would avoid the need to 
apply the rule set to each incoming packet. The motivation being that by providing the 



Application/Control Number: 09/77 1 ,232 Page 9 

Art Unit: 2661 

firewall, it can prevent the local area network from malicious attacker and by providing the 
caching mechanism to cache the session associated with the rules and assigning to the 
subsequent packet, it can avoid duplicate processing since each packet belongs to the same 
session dedicated to the same firewall. 

Regarding claims 3 and 11, Hart'404 discloses wherein the state tracking network 
device is a firewall (see FIG. 1, Firewall 111, 113, or 114). 

8. Claim 4 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hart'404 and 
Coss749, as appUed to claims 1-3, 9-1 labove, and further in view of Colby (U.S. 6,006,264). 

Regarding claims 4 and 12, the combined system of Hart*404 and Coss749 discloses 
a firewall and the service manager as discloses in claims 1-3 and 9-11 above. 

Neither Hart'404 nor Coss749 explicitly discloses wherein the server (see Colby'264 
FIG. Ic; a candidate Web server 100a, 100b, or 100c; see coL 5, lines 43-50) is initially 
chosen for a first packet that requests a connection (see Colby'264 FIG. Ic, Content reqnest 
traffic/packet flow; FIG. 3, step 402, and see FIG. 4, step 436 and 438; Client request; 
see col. 10, lines 24-40; see coL 8, lines 34-55; note that the client requests for a 
connection and a server is selected) and 

wherein the same server is chosen for a second packet that responds to the first packet 
(see Colby'264 FIG. Ic, Response traffic/packet flow from the server; see col. 5, lines 42- 
50; see FIG. 3, steps 412, 416, 426 and 428; note that the same server selected for a 
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response traffic/packet that responds to the request packet/traffic; see coL 8, lines 34- 



However, the above-mentioned claimed limitations are taught by Colby*264. Note that 
the combined system of Hart*404 and Coss749 teaches the firewalls. It is well known in the 
art that the firewalls are the servers, which serves the client's request for connection. Thus, 
the firewalls can be modified with the server functionality. In view of this, having the 
combined system of Hart'404 and Coss749, then given the teaching of Colby264, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made 
to modify the combined system of Hart*404 and Coss749, for the purpose selecting a 
server/firewall from plurality of servers, as taught by Colby264, since Colby'264 states the 
advantages/benefits at col. 3, lines 60-67 that it would avoid congestion and bottlenecks in 
the network. The motivation being that by selecting the most qualify server for a request, it 
can reduce the congestion and increase throughputs. 

9. Claims 6, 7, 14 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hart'404 in view of well-established teaching in art. 

Regarding claims 6 and 14, Hart'404 discloses wherein the tier of the node is 
determined by the port of the nodes at the forwarding agent(see FIG, 3, LAN ports Pl-PN; 
see coL 4, lines 25-35; note that the combined system of the agent and edge device 
determines the location of each node by the ports since each network domain is 
associated with the ports). 



55). 



9 # 
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Hart'404 does not explicitly disclose wherein the service manager (i.e. server) 
determines the tier of the forwarding agent by the port of the forwarding agent. 

However, the above-mentioned claimed limitations are taught by well-established 
teaching in art. In particmlar, it is well known in the art the service manager (i.e. 
Hart'404' s server) can be implemented with the same functionality as the forwarding 
agent (Le. the combined system of agent and edge device) since each forwarding agent is 
connected to the service manager via the ports). Thus, the tier (i.e. location) of each 
combined system of agent and edge device is can be determined by the port of the 
combined system at the server. 

In view of this, having the system of Hart'404 and then given the teaching of well 
established teaching in art, it would have been obvious to one having ordinary skill in the art 
at the time the invention was made to modify the system of Hart*404, for the purpose of 
providing the server with the same functionality as the agent device in order to 
locate/determine the location of each agent device. The motivation being that by providing 
the server with the functionality of the agent, it can reduce the overhead processing at each 
agent, and increase the centrahzed controlling system to the server since the server can 
located each agent device utilizing the ports. 

Regarding claims 7 and 15, Hart'404 discloses wherein the tier of the node is 
determined by the inclusion of the address of the node in a list for the tier at the agent edge 
device (see FIG. 4, table 218; see coL 8, lines 1-36; note that the combined system of the 
agent and edge device determines the location of each node by the table/list which 
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contains the address of the node). Moreover, Hart*404 discloses the service manager 
determines the tier of the forwarding agent device (see col. 9, lines 57-60) and the tier of the 
node address in a Ust (see col. 9, lines 60-65). 

Hart'404 does not explicitly disclose wherein the forwarding agent is determined by 
the inclusion of the IP address of the forwarding agent in a list. 

However, the above-mentioned claimed limitations are taught by well-established 
teaching in art. In particnlar, it is well known in the art the service manager (i.e. 
Hart'404's server) can be implemented with the fnnctionality as the forwarding agent 
(i.e. the combined system of agent and edge device) since the service manager has a 
capability to store and determine the virtual address domain of each agent edge device 
and address of each anthorized nodes (see FIG. 4, Table 216; see col. 8, lines 1-36). 
Also, it is well known in the art that routing/forwarding/secnrity table/Hst mnst inclnde 
the IP address. Thns, the tier (i.e. location) of each combined system of agent and edge 
device is can be determined by inclnding the IIP address of the combined system at the 
server's table. 

In view of this, having the system of Hart*404 and then given the teaching of well 
estabUshed teaching in art, it would have been obvious to one having ordinary skill in the art 
at the time the invention was made to modify the system of Hart'404, for the purpose of 
providing the server with the functionality as the agent device in order to locate/determine 
the location of each agent device. The motivation being that by providing the server with the 
functionality of the agent, it can reduce the overhead processing at each agent, and increase 
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the centralized controlling system to the server since the server can located each agent device 
utilizing the IP address. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ian N Moore whose telephone number is 703-605-1 53 1 . The 
examiner can normally be reached on M-F: 9-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ken Vanderpuye can be reached on 703-308-7828. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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